The Internet is one of the fastest growing and ubiquitous modes of commerce. Many companies have Internet servers prepared for commercial delivery of goods and services. At first, the products found on the Internet or more specifically, the world wide web (WWW) were computer-based products, but today, more and more businesses are competing to set up commercial services on the world wide web.
In many situations there is a need to establish the date on which a document was created and to prove that the text of a document in question is in fact the same as that of the original dated document. A traditional solution to this problem is to use a notary public. Traditional notarization is time-consuming, requires the physical presence of a licensed notary, does not detect many kinds of document tampering, and provides security relying solely on the integrity of the notary.
The increasingly widespread use of electronic documents, which include digital representations of readable text but also of video, audio, and pictorial data, now poses a serious challenge for establishing the date of any such document. Furthermore, the authentication of documents in a digital data format is achieving a greater significance in that it is becoming relatively common to exchange digital documents between parties to a transaction. For example, using Electronic Document Interchange (EDI) many companies now exchange purchase orders, invoices or similar documents electronically. However, if a dispute arises as to what was transmitted as opposed to what was received it is difficult to establish which version of a document is correct and/or has precedence in time. As a result, many EDI transactions having any monetary significance are normally confirmed with physical documents to provide a paper audit trail. However, reducing documents to physical form defeats in large measure the advantages of EDI.
Techniques for timestamping documents in digital data format are known in the art. For example, techniques for timestamping documents in digital data format are disclosed in U.S. Pat. No. 6,188,766 issued to Kocher Feb. 13, 2001, U.S. Pat. No. 5,136,647 issued to Haber et al. Aug. 4, 1992, U.S. Pat. No. 5,022,080 issued to Durst et al. Jun. 4, 1991 and U.S. Pat. No. 5,001,752 issued to Fischer Mar. 19, 1991, which are incorporated hereby for reference. All these techniques are based on the steps of providing a document, hashing the document, providing time data and encrypting the hashed document with the time data using an encryption key of a timestamping module. When the encrypted data is decrypted it verifies the timestamp as accurate.
However, these techniques are prone to tampering during test of a timestamp module or before a key is designated for timestamping purposes only. For example, if there is a secure key for use in encryption stored within a module false time data could be passed along with a document. The document is hashed and the time data and the document are encrypted with the key. The result looks like a timestamp. If that key later becomes a timestamping key or is set to timestamping by a dishonest person tampering with the module there is no guarantee that a timestamp is authentic.
Therefore, in an attempt to overcome these security risks of the prior art, it is an object of the invention to provide a method for secure timestamping of digital data.
It is further an object of the invention to provide a method and system for securely timestamping digital data.